diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-28 17:04:51 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-05 16:39:33 +0200 |
commit | 01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44 (patch) | |
tree | 48f1882d9c9fa5c308d038d71d05881c86011f40 /src/util/domain_info_utils.c | |
parent | 12089241f6a6eabf4f0c95669e5fc2bb3b503c06 (diff) | |
download | sssd-01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44.tar.gz sssd-01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44.tar.xz sssd-01c049ceef55c7bbfca1e47cecb2a0a2cf0a5d44.zip |
UTIL: Inherit ignore_group_members
Resolves:
https://fedorahosted.org/sssd/ticket/2644
Allows the administrators to extend ignore_group_members to subdomains
as well by setting:
subdomain_inherit = ignore_group_members
in the domain section.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src/util/domain_info_utils.c')
-rw-r--r-- | src/util/domain_info_utils.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index dc306848c..073ba3c6a 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -206,6 +206,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, const char *forest) { struct sss_domain_info *dom; + bool inherit_option; DEBUG(SSSDBG_TRACE_FUNC, "Creating [%s] as subdomain of [%s]!\n", name, parent->name); @@ -281,6 +282,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; + /* If the parent domain filters out group members, the subdomain should + * as well if configured */ + inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + parent->sd_inherit, false); + if (inherit_option) { + dom->ignore_group_members = parent->ignore_group_members; + } + /* If the parent domain explicitly limits ID ranges, the subdomain * should honour the limits as well. */ |